All about refreshers ...

Cheng Wei — Thu, 02 Oct 2008 02:19:00 GMT

If you have been using VMM for a while, you’ve probably figured out that we use various “refreshers” to pull data from the hosts and VMs that we manage. When deploying VMM in various sized environments, depending on the perf/scale requirements, you might need to tweak the refresher schedule to achieve the best performance.

So, to help you understand what’s happening “under the hood”, here are the refreshers we use in SCVMM 2008 product. Please note, that not all refreshers are customizable.

Host Refresher: Runs every 30mins on every host (with time lags) and updates host properties. It also updates disk/SAN and host network (NIC / virtual switch) information. It does not check any VM related properties or perf counters on hosts. Can be manually triggered on the UI or through cmdlet.

VM Refreshers: Two types

VM Heavy Refresher: Runs every 30mins on every Host and also runs whenever a VM is clicked on (or when you call refresh-vm cmdlet). It updates all VM properties, resource pools, clustering information for this VM and snapshots. But it does not update VM performance counter info.

VM Light Refresher: Runs every 2mins on every Host that is currently in the VMM database. This refresher does the following:

- Checks the host state (to see if the agent is running or the agent is down) and virtualization software status

- Syncs the state of a VM

- Marks VMs as missing

- Imports new VMs created outside of VMM (When VMM detects a new VM created on the virtualization platform, we import it into VMM and kick off the heavy refresher for the new VMs)

Cluster Refresher: Runs every 30mins and refreshes all cluster properties (including bringing in newly added nodes or taking our removed nodes). Can be manually triggered on the UI or through cmdlet.

Library Refresher: Runs on user configurable schedule (increment by 1 hour interval and can be turned off completely) and updates the library shares info and library objects. Can be manually triggered on the UI or through cmdlet.

Perf Refresher: Runs every 9 minutes on a host or whenever there is any state changing operation on the VM (i.e. start/stop/save/etc.). It collects perf counter information of both the host and all the VM’s on a given host.

VirtualCenter Refresher: Runs every 30mins and refreshes VC properties, ESX hosts and resource pools that are managed by this VC. Can be manually triggered on the UI or through cmdlet.

User Role Refresher: Runs every 30mins and updates user role properties.

PRO Tip Refresher: Runs every 30secs. It looks for PRO specific alerts in OpsMgr and reconciles the PRO tips in our DB against the data that is brought back from OpsMgr. This refresher cannot be manually triggered.

Thanks for reading and hope this is useful,

Cheng

User Role Management and Self-Service in SCVMM 2008 Beta

Cheng Wei — Fri, 09 May 2008 10:01:00 GMT

One of the key new investments in SCVMM 2008 is a significantly improved User Role Management. In other products, you may see the same concept referred as Role Base Access Control (RBAC) or other terms.

In a nutshell, comparing with the two user roles (Administrator and Self-Service user) we have in SCVMM 2007, we now support full role configuration by allowing further customization on the scope (what objects you can manage) and the profile (what actions you can take on the objects you have rights to manage). Here is how we define "user role" (by the way, this concept is similar to how SCOM defines it):

Based on this definition, in this new role model, we have three types of user role:

Administrators

No scope customization available, Administrators have access to all objects

Delegated Administrators

Can be limited to one or more host groups including all child objects
Can be limited to one or more Library servers including all child objects

Self-Service Users

Can be limited to a single host group where new virtual machines may be created
Can be limited to a single Library share where new virtual machines can be stored
Can be limited to specific templates to use for new virtual machines

The new profile for "delegated administrators" allow users to divide their virtualization resources into segments and assign full administration rights to separate administrators who manage those separate segments. The user can even decide to further segment the resources by creating new delegated administrators that manages parts of the segmented resource groups. This functionality can be very useful in a geographically disparsed administration scenario, as well as for an environment where Dev/Test/Production are strictly managed by different groups with requirements for a centralized resource management console.

And the following diagram shows how the three types of user profiles differ from one another in terms of their scopes and profiles:

Here are some additional notes on how to manage self-service users :

Configure available actions

Independently allow/disallow basic actions like start, stop, pause, save state, restore
Allow / disallow the ability to create new virtual machines
Allow / disallow the ability to store virtual machines to a Library location

Define Profile Scope for virtual machines

Virtual machine creation can be limited to hosts in specific host groups
Storing virtual machines can be limited to specific Library shares

Also, as to VM management, here are the tips on how to manage self-service users on controlling VMs:

First, please be aware that users can only create new virtual machines from templates that are created by the VMM Administrators. This allows the VMM admins to control what type of VMs (hence, what hardware resources) the self-service users can create.

Users can only modify the computer name and Administrator password
All other settings (memory, drives, disks, etc) must be part of the template

Now, the next step is how to configure the templates for self-service users so that they can use them to create the VM they need.

Ensure that the appropriate additions/enlightenments are installed
Blank out the Administrator password so that it may be reset during creation
Enable RDP access if desired
If you have a volume license key, store the key in the OS profile of the template

Once the templates are created and the self-service users are defined, you may also want to define profile quotas to prevent any individual self-service user from abusing shared resources.

Determines the number of virtual machines that users can have at one time
Templates can be customized with quota requirements
Flexible point based system

As an exmaple to how users may leverage the power of this new user role model in SCVMM 2008, the following user role hierarchy can be implemented to meet regional and functional administration delegation requirements. I highly recommend you to give it a try and let us know your feedback.

Thanks for reading!

Cheng

Cheng's Random Thoughts on System Management : User Role Management

All about refreshers ...

User Role Management and Self-Service in SCVMM 2008 Beta